[ovs-discuss] OVSDB with SSL connection

Ben Pfaff blp at ovn.org
Fri Jan 6 05:01:03 UTC 2017

On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> I am configuring ovsdb-server to connect to a remote manager using SSL.  I
> have the certificates configured, and the connection works as long as I do
> not configure a ca-cert.   Configuring a ca-cert causes server-side
> certificate verification to fail in OpenSSL.
> I believe this is because I am only allowed to insert an IP address for
> remote manager target and the remote server is using a certificate
> generated with it's DNS name, not IP address.
> Is there a way (or any plans to support) providing a hostname target inside
> the manager table?  This would allow the OpenSSL library to properly verify
> server-side certificate.  Using per-IP certificates is not an option for us
> to due to load balancing and scale.

We'd accept a working patch.

More information about the discuss mailing list